Czyli co zrobić, żeby go wywalić? Daję loga z Hijack'a i Silent... :gazeta:
[ Dodano: 22-03-2007, 13:14 ]
"Silent Runners.vbs", revision R50,
http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"PowerBar" = "(empty string)" [file not found]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"NBJ" = ""C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"" ["Ahead Software AG"]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"FreeCall" = ""C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized" [file not found]
"Odkurzacz-MCD" = "C:\Program Files\Odkurzacz\odk_mcd.exe" ["Franmo Software"]
"odk_mcd" = "(empty string)" [file not found]
"Anonymizer" = "E:\ANONYMIZER\Anonymizer.exe -nogui" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]
"RemoteControl" = ""C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"InCD" = "C:\Program Files\Ahead\InCD\InCD.exe" ["Nero AG"]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"LiveMonitor" = "C:\Program Files\MSI\Live Update 3\LMonitor.exe" [empty string]
"(Default)" = "(empty string)" [file not found]
"NVIDIA nTune" = ""C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear" ["NVIDIA"]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"MagicRotation" = "C:\Program Files\MagicRotation\MagicPvt.exe" ["Samsung Electronics, Inc."]
"StormCodec_Helper" = ""C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti" [null data]
"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Development Company, L.P."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"New.net Startup" = "rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s" [MS]
"Globe7" = ""C:\Program Files\Globe7\Globe7.exe" /hide" [file not found]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."]
HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects
{02478D38-C3F9-4efb-9B51-7695ECA05670}(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Companion BHO"
InProcServer32(Default) = "C
rogram FilesYahoo!CompanionInstallscpn0ycomp5_6_2_0.dll" ["Yahoo! Inc."]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}(Default) = "Skype add-on (mastermind)"
-> {HKLM...CLSID} = "Skype add-on (mastermind)"
InProcServer32(Default) = "C
ROGRA~1SkypePhoneIEPluginSKYPEI~1.DLL" ["Skype Technologies S.A."]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}(Default) = (no title provided)
-> {HKLM...CLSID} = "Megaupload Toolbar"
InProcServer32(Default) = "C
ROGRA~1MEGAUP~1MEGAUP~1.DLL" ["MegaUpload"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
InProcServer32(Default) = "C
rogram FilesJavajre1.5.0_10binssv.dll" ["Sun Microsystems, Inc."]
{9ECB9560-04F9-4bbc-943D-298DDF1699E1}(Default) = (no title provided)
-> {HKLM...CLSID} = "CNisExtBho Class"
InProcServer32(Default) = "C
rogram FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll" ["Symantec Corporation"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
InProcServer32(Default) = "c
rogram filesgooglegoogletoolbar3.dll" ["Google Inc."]
{BDF3E430-B101-42AD-A544-FADC6B084872}(Default) = (no title provided)
-> {HKLM...CLSID} = "CNavExtBho Class"
InProcServer32(Default) = "C
rogram FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll" ["Symantec Corporation"]
{F97DA966-F09D-4cab-BF29-75A0026986EA}(Default) = "XBTP02634"
-> {HKLM...CLSID} = "XBTP02634 Class"
InProcServer32(Default) = "C
ROGRA~1BEARSH~1BEARSH~2MediaBar.dll" [file not found]
HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
InProcServer32(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
InProcServer32(Default) = "C:WINDOWSsystem32hticons.dll" ["Hilgraeve, Inc."]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {HKLM...CLSID} = "History Band"
InProcServer32(Default) = "C:WINDOWSsystem32shdocvw.dll" [MS]
"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
-> {HKLM...CLSID} = "Shell Extension for CDRW"
InProcServer32(Default) = "C
rogram FilesAheadInCDincdshx.dll" ["Nero AG"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
InProcServer32(Default) = "C:WINDOWSsystem32nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
InProcServer32(Default) = "C:WINDOWSsystem32nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
InProcServer32(Default) = "C:WINDOWSsystem32nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "C:WINDOWSsystem32nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
InProcServer32(Default) = "C:WINDOWSsystem32nvshell.dll" ["NVIDIA Corporation"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
InProcServer32(Default) = "C
rogram FilesMicrosoft OfficeOffice10OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "C
rogram FilesMicrosoft OfficeOffice10msohev.dll" [MS]
"{59403EC0-EA55-11d5-954A-9A53884D6E09}" = "SecureDoc"
-> {HKLM...CLSID} = "SecureDoc"
InProcServer32(Default) = "C
ROGRA~1MSISECURE~1SecDoc.dll" ["msi"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "C
rogram FilesWinRARrarext.dll" [null data]
"{9E5E1445-6CEA-4761-8E45-AA19F654571E}" = "MagicRotation Shell Extension"
-> {HKLM...CLSID} = "BkgndCtxMenuExt Class"
InProcServer32(Default) = "C:WINDOWSsystem32mpvthook.dll" ["Samsung Electronics, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]
HKLMSoftwareMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
InProcServer32(Default) = "C:WINDOWSsystem32WPDShServiceObj.dll" [MS]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
<<!>> "System" = "kdrss.exe" [null data]
HKLMSoftwareClasses*shellexContextMenuHandlers
AVG Anti-Spyware(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
InProcServer32(Default) = "C
rogram FilesGrisoftAVG Anti-Spyware 7.5context.dll" ["Anti-Malware Development a.s."]
SecureDocMenu(Default) = "{59403EC0-EA55-11d5-954A-9A53884D6E09}"
-> {HKLM...CLSID} = "SecureDoc"
InProcServer32(Default) = "C
ROGRA~1MSISECURE~1SecDoc.dll" ["msi"]
Symantec.Norton.Antivirus.IEContextMenu(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {HKLM...CLSID} = "IEContextMenu Class"
InProcServer32(Default) = "C
rogram FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll" ["Symantec Corporation"]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "C
rogram FilesWinRARrarext.dll" [null data]
HKLMSoftwareClassesDirectoryshellexContextMenuHandlers
AVG Anti-Spyware(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
InProcServer32(Default) = "C
rogram FilesGrisoftAVG Anti-Spyware 7.5context.dll" ["Anti-Malware Development a.s."]
SecureDocMenu(Default) = "{59403EC0-EA55-11d5-954A-9A53884D6E09}"
-> {HKLM...CLSID} = "SecureDoc"
InProcServer32(Default) = "C
ROGRA~1MSISECURE~1SecDoc.dll" ["msi"]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "C
rogram FilesWinRARrarext.dll" [null data]
HKLMSoftwareClassesFoldershellexContextMenuHandlers
Symantec.Norton.Antivirus.IEContextMenu(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {HKLM...CLSID} = "IEContextMenu Class"
InProcServer32(Default) = "C
rogram FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll" ["Symantec Corporation"]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "C
rogram FilesWinRARrarext.dll" [null data]
Group Policies {policy setting}:
--------------------------------
Note: detected settings may not have any effect.
HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem
"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{Prevent access to registry editing tools}
HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCUSoftwareMicrosoftInternet ExplorerDesktopGeneral
"Wallpaper" = "C:WINDOWSsystem32configsystemprofileUstawienia lokalneDane aplikacjiMicrosoftWallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCUControl PanelDesktop
"Wallpaper" = "C
ocuments and SettingsMichalUstawienia lokalneDane aplikacjiMicrosoftWallpaper1.bmp"
Startup items in "Michal" & "All Users" startup folders:
--------------------------------------------------------
C
ocuments and SettingsAll Users.WINDOWSMenu StartProgramyAutostart
"HP Digital Imaging Monitor" -> shortcut to: "C
rogram FilesHPDigital Imagingbinhpqtra08.exe" ["Hewlett-Packard Development Company, L.P."]
"HP Photosmart Premier - Szybkie uruchomienie" -> shortcut to: "C
rogram FilesHPDigital Imagingbinhpqthb08.exe -s" [null data]
"InterVideo WinCinema Manager" -> shortcut to: "C
rogram FilesInterVideoCommonBinWinCinemaMgr.exe" ["InterVideo Inc."]
"MagicTune 3.5" -> shortcut to: "C
rogram FilesSECMagicTune3.5_ClientMagicTuneTray.exe" [empty string]
"Microsoft Office" -> shortcut to: "C
rogram FilesMicrosoft OfficeOffice10OSA.EXE -b -l" [MS]
"NaturalColorLoad" -> shortcut to: "C
rogram FilesSECNatural ColorNaturalColorLoad.exe" [empty string]
"SecureDoc" -> shortcut to: "C
rogram FilesMSISecureDocLogon.exe" ["msi"]
Enabled Scheduled Tasks:
------------------------
"Norton AntiVirus - Scan my computer - Michal" -> launches: "C
ROGRA~1NORTON~1NORTON~1Navw32.exe /task:"C
ocuments and SettingsAll Users.WINDOWSDane aplikacjiSymantecNorton AntiVirusTasksmycomp.sca"" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]
000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS]
000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%system32mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%system32rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCUSoftwareMicrosoftInternet ExplorerToolbarShellBrowser
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
-> {HKLM...CLSID} = "Norton AntiVirus"
InProcServer32(Default) = "C
rogram FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll" ["Symantec Corporation"]
HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}"
-> {HKLM...CLSID} = "Norton Internet Security"
InProcServer32(Default) = "C
rogram FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll" ["Symantec Corporation"]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "&Yahoo! Companion"
InProcServer32(Default) = "C
rogram FilesYahoo!CompanionInstallscpn0ycomp5_6_2_0.dll" ["Yahoo! Inc."]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
InProcServer32(Default) = "c
rogram filesgooglegoogletoolbar3.dll" ["Google Inc."]
"{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}"
-> {HKLM...CLSID} = "BearShare MediaBar"
InProcServer32(Default) = "C
rogram FilesBearShare applicationsBearShare MediaBarMediaBar.dll" [file not found]
"{F2CF5485-4E02-4F68-819C-B92DE9277049}"
-> {HKLM...CLSID} = "&Links"
InProcServer32(Default) = "C:WINDOWSsystem32ieframe.dll" [MS]
HKLMSoftwareMicrosoftInternet ExplorerToolbar
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security"
-> {HKLM...CLSID} = "Norton Internet Security"
InProcServer32(Default) = "C
rogram FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll" ["Symantec Corporation"]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {HKLM...CLSID} = "Norton AntiVirus"
InProcServer32(Default) = "C
rogram FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll" ["Symantec Corporation"]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "&Yahoo! Companion"
InProcServer32(Default) = "C
rogram FilesYahoo!CompanionInstallscpn0ycomp5_6_2_0.dll" ["Yahoo! Inc."]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
InProcServer32(Default) = "c
rogram filesgooglegoogletoolbar3.dll" ["Google Inc."]
"{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}" = (no title provided)
-> {HKLM...CLSID} = "BearShare MediaBar"
InProcServer32(Default) = "C
rogram FilesBearShare applicationsBearShare MediaBarMediaBar.dll" [file not found]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" = (no title provided)
-> {HKLM...CLSID} = "Megaupload Toolbar"
InProcServer32(Default) = "C
ROGRA~1MEGAUP~1MEGAUP~1.DLL" ["MegaUpload"]
Extensions (Tools menu items, main toolbar menu buttons)
HKLMSoftwareMicrosoftInternet ExplorerExtensions
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.5.0_10"
InProcServer32(Default) = "C
rogram FilesJavajre1.5.0_10binssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_10"
InProcServer32(Default) = "C
rogram FilesJavajre1.5.0_10binnpjpi150_10.dll" ["Sun Microsystems, Inc."]
{77BF5300-1474-4EC7-9980-D32B190E9B07}
"ButtonText" = "Skype"
"CLSIDExtension" = "{77BF5300-1474-4EC7-9980-D32B190E9B07}"
-> {HKLM...CLSID} = "Skype add-on (button)"
InProcServer32(Default) = "C
ROGRA~1SkypePhoneIEPluginSKYPEI~1.DLL" ["Skype Technologies S.A."]
{DE60714F-AC17-427E-861A-FD60CBDF119A}
"ButtonText" = "Ň×ȤąşÎď"
"MenuText" = "Ň×ȤąşÎď"
"Exec" = "http://click2.ad4all.net/url2/urlmanage/url.asp?id=1" [file not found]
{E2E2DD38-D088-4134-82B7-F2BA38496583}
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%Network Diagnosticxpnetdiag.exe" [MS]
{FB5F1910-F110-11D2-BB9E-00C04F795683}
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C
rogram FilesMessengermsmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C
rogram FilesSymantecLiveUpdateALUSchedulerSvc.exe"" ["Symantec Corporation"]
AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C
rogram FilesGrisoftAVG Anti-Spyware 7.5guard.exe" ["Anti-Malware Development a.s."]
InCD Helper, InCDsrv, "C
rogram FilesAheadInCDInCDsrv.exe" ["Nero AG"]
ISSvc, ISSVC, ""C
rogram FilesNorton Internet SecurityISSVC.exe"" ["Symantec Corporation"]
Machine Debug Manager, MDM, ""C
rogram FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe"" [MS]
Norton AntiVirus Auto-Protect Service, navapsvc, ""C
rogram FilesNorton Internet SecurityNorton AntiVirusnavapsvc.exe"" ["Symantec Corporation"]
nTune Service, nTuneService, "C
rogram FilesNVIDIA CorporationnTunenTuneService.exe /StartService" ["NVIDIA"]
NVIDIA Display Driver Service, NVSvc, "C:WINDOWSsystem32nvsvc32.exe" ["NVIDIA Corporation"]
Symantec Event Manager, ccEvtMgr, ""C
rogram FilesCommon FilesSymantec SharedccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C
rogram FilesCommon FilesSymantec SharedSNDSrvc.exe"" ["Symantec Corporation"]
Symantec Network Proxy, ccProxy, ""C
rogram FilesCommon FilesSymantec SharedccProxy.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C
rogram FilesCommon FilesSymantec SharedccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, ""C
rogram FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe"" ["Symantec Corporation"]
Print Monitors:
---------------
HKLMSystemCurrentControlSetControlPrintMonitors
HP Standard TCP/IP PortDriver = "HpTcpMon.dll" ["Hewlett Packard"]
PCL hpz3l054Driver = "hpz3l054.dll" ["Hewlett-Packard Company"]
----------
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 40 seconds, including 4 seconds for message boxes)